Method and system for generating and distributing mobile ip security key after reauthentication

ABSTRACT

A method for generating and distributing MIP security key after Re-Authentication, including: an AAA Server generates an EMSK during a Re-Authentication process; the MS generate a new first MIP security key for the MS according to the EMSK, and replaces the corresponding old first MIP security key with the new first MIP security key; and a HA receives new second MIP security key information for the HA which is sent by the AAA Server actively, or requests from the AAA Server the new second MIP security key information for the HA, and replaces the corresponding old second MIP security key that is locally stored with the new second MIP security key that is sent by the AAA Server actively or requested from the AAA Server. The present invention ensures execution of MIP Registration process after Re-Authentication.

CROSS REFERENCE

The application claims the priority of CN application No. 200610082325.4, filed on May 24, 2006, entitled “METHOD AND SYSTEM FOR GENERATING AND DISTRIBUTING MOBILE IP SECURITY KEY AFTER RE-AUTHENTICATION”, CN application No. 200610093541.9, filed on Jun. 26, 2006, entitled “METHOD AND SYSTEM FOR GENERATING AND DISTRIBUTING MOBILE IP SECURITY KEY AFTER RE-AUTHENTICATION”, and CN application No. 200610146122.7, filed on Nov. 8, 2006, entitled “METHOD AND SYSTEM FOR GENERATING AND DISTRIBUTING MOBILE IP SECURITY KEY AFTER RE-AUTHENTICATION”, the entire contents of which are incorporated herein by reference.

FIELD OF THE INVENTION

The present invention relates to network security field, and more particularly, relates to a method and system for generating and distributing mobile IP security key after Re-Authentication.

BACKGROUND

Along with the flourish development of Internet Service and the widely application of Wireless Networks, more and more requirements on Wireless Networks are proposed with respect to demand on security of the mobile users. Expect for Device Authentication, User Authentication, Service Authentication, the problems issues that are not considered in Private Networks, such as building a security channel and exchanging security information between a wireless user and an Access Point (AP) or a Base Station (BS), between a BS and an Authenticator, between an Authenticator and an Authentication Server, need to be focused now.

Illustrated by the example of WiMAX security network infrastructure, excluding other internal devices that are accessed to the network, FIG. 1 illustrates a centralized network infrastructure while FIG. 2 illustrates a distributed network infrastructure.

In the infrastructure shown in FIG. 1, an Authenticator and a BS locate in different Physical Entities. The Authenticator implements an Authenticator Function and a Key Distributor Function, and the BS implements an Authentication Relay Function and a Key Receiver Function.

In the infrastructure shown in FIG. 2, an Authenticator and a BS locate in a same Physical Entity and the entity implements an Authenticator Function, a Key Distributor Function, an Authentication Relay Function and a Key Receiver Function.

Functions of each net element (including logic net elements) in FIG. 1 and FIG. 2 are interpreted as follows:

BS:

-   Providing a security channel between a BS and a Mobile Station (MS),     including compression and encryption of Air Interface Data. -   Providing exchange of information between the BS and the MS.

Authenticator:

-   Providing proxy function of authentication, authorization and     accounting of a MS. -   Implemented in the same physical entity with a Key Distributor.

Authentication Relay:

-   Implementing relay of an Authentication Request and a response     message during an authentication process.

Key Distributor:

-   Implemented in the same physical entity as an Authenticator,     generating an Air Interface Key (AK) that is shared by a BS and an     MS according to root key information peered with the MS from an     Authentication Server, and distributing the AK to a Key Receiver.

Key Receiver:

-   Implemented in a BS, receiving an AK generated by a Key Distributor     and deriving other security keys between the BS and an MS.     Furthermore, as a complete Security Network Infrastructure, an     Authentication Server on back network and a Mobile Station (MS)     shall also be included.

Authentication, Authorization, Accounting (AAA) Server:

-   An AAA Server implements authentication, authorization and     accounting of an MS. The AAA server exchanges with an MS necessary     information for generating security keys based on a negotiated     security key generation mechanism. Because such information is     exchanged before a security channel is built, a security key     algorithm between the AAA Server and the MS must ensure that the     security mechanism is not affected even information is leaked. Main     functions of the AAA Server include: -   Generating and distributing a root security key to an Authenticator. -   When user information changes, informing the Authenticator and other     network elements result of the change.

MS:

-   An MS is a mobile user device, initiates authentication and     authorization in the security infrastructure, exchanges with an AAA     Server necessary information for generating a root security key,     generates a root security key by itself, and generates, according     the root security key, an AK and other derived security key     information that is required by Air Interface Encryption.

Mobile Internet Protocol (MIP) involves the following entities: Mobile Node (MN), Foreign Agent (FA) and Home Agent (HA). An MN initiates a MIP Registration Request with a HA via a FA. The HA associates a Care-of-Address (CoA) with a Home Address (HoA) of the MN when the HA receives the MIP Registration Request. All of the data packets with HoA destination addresses that are received by the HA are forwarded to the CoA addresses, the FA address is in the Mobile Internet Protocol version 4 (MIPv4). For further ensuring security, MIP messages usually carry Authentication Extension (AE). Illustrated by the example of an AE between an MN and a HA, the MN-HA-AE, when the HA receives a MIP Registration Request that carries an MN-HA-AE, the HA needs to compute a local authentication value based on security key information that is known in advance, the HA compares the local authentication value with a corresponding parameter in the MN-HA-AE carried by the data packet. If the local authentication value equals to the corresponding parameter, the MIP Registration Request is processed; otherwise, the MIP Registration Request is denied.

When there is no security key information that is known in advance between the MN and the HA, the MN can use security key information between the MN and the AAA Server to authenticate the MIP Registration Request.

Formula for computing MIP Registration Key in existing WiMAX are as follows:

MN-HA-K: H (MIP-RK, “MIP4MN HA”, HA-IP);

MN-FA-K: H (MIP-RK, “MN FA”, FA-IP);

FA-HA-K: H (MIP-RK, “FA HA”, FA-IP, HA-IP, nonce);

In RFC3957, following algorithm is provided based on random numbers, MN Identifier, and a shared security key between an MN and an AAA Server:

Key=HMAC-SHAI (AAA-Key, {Nonce∥MN-ID}).

MIP has two types in WiMAX: Client Mobile IP (CMIP) and Proxy Mobile IP (PMIP). For an MS that supports MIP, it works in CMIP Mode, and an MN works as the MS. In contrary, for an MS that does not support MIP, network side creates a PMIP-Client Entity in substitution of the MS to implement the MIP Function. FIG. 3 a shows a security network infrastructure based on CMIP Mode, and FIG. 3 b shows a security network infrastructure based on PMIP Mode.

(1) Generation and Distribution of PMIPv4 security key

During an access and authentication process, an AAA Server generates Extended Master Session Key (EMSK), computes Mobile Internet Protocol Root Key (MIP-RK), and derives security keys between MN-HA, MN-FA and FA-HA (being MN-HA-K, MN-FA-K and FA-HA-K respectively). Then the security keys between MN-HA, MN-FA and FA-HA are transmitted in encryption to a Network Authentication Server (NAS).

The FA-HA-K may be generated directing for a specified HA and FA group by the AAA Server rather than being derived from the EMSK.

The prior art defines that the generation formula for the above MN-HA-K (may be called MN-HA-MIP4-K in MIPv4), MN-FA-K, FA-HA-K are associated with the following factors:

During an access and authentication process of a MS, an EMSK is generated between the MS and an AAA Server. The MS and the AAA Server can compute a MIP-RK via a function defined by the EMSK. A security key between an MN and a HA (MN-HA-K) can be computed based on the MIP-RK and Home Agent IP Address (HA-IP) via a defined function (by the AAA Server in PMIP Mode). A security key between the MN and a FA (MN-FA-K) can be computed based on the MIP-RK and Foreign Agent IP Address (FA-IP) via a defined function. A security key between the FA and the HA (FA-HA-K) can be computed based on the MIP-RK, FA-IP, HA-IP and a random number via a defined function. The formula are as follows:

MN-HA-MIP4=H (MIP-RK, “MIP4 MN HA”|HA-IP)

MN-FA=H (MIP-RK, “MN FA”|FA-IP)

FA-HA=H (MIP-RK, “FA HA”|FA-IP|HA-IP|NONCE)

(2) Generation and Distribution of CMIPv4 security key

During an access and authentication process, an AAA Server generates an EMSK, computes a MIP-RK, and derives security keys between MN-HA, MN-FA and FA-HA (optional). An MN can compute the security keys between MN-FA and MN-HA according to a FA-IP and a HA-IP. A NAS acquires the security keys between MN-HA, MN-FA and FA-HA. A security key associated with a HA is obtained by requesting from the AAA Server in the first MIP Registration Request process.

However, prior arts only describe the generation formula of MIP security keys, it is not provided how will the FA and HA process the existent security keys and the existent security association (the security association includes: MIP security keys, lifetime of the security keys, Safety Parameter Index (SPI) and algorithms used for parameters associated with Authentication Extension) after Re-Authentication. Thus, when an MS uses new security keys for MIP Registration, if a FA and a HA on network side still use old security keys to perform authentication, the MIP Registration Request initiated by the MS after Re-Authentication is possibly be always denied.

SUMMARY

Embodiments of the present invention provides a method and system for generating and distributing MIP security key after Re-Authentication of MS, so as to support an MIP Registration process after Re-Authentication.

A method for generating and distributing MIP security key after Re-Authentication includes:

-   generating, by an MS and an AAA Server, an EMSK during a     Re-Authentication process; -   generating, by the MS, a new MIP security key for the MS according     to the EMSK and replacing the corresponding old MIP security key     with the new MIP security key; -   receiving, by a HA, new MIP security key information for the HA     which is sent by the AAA Server actively, or requesting, from the     AAA Server, the new MIP security key information for the HA, and     replacing the corresponding old MIP security key that is locally     stored with the new MIP security key.

A method for generating and distributing MIP security key after Re-Authentication includes:

-   generating, by an MS and an AAA Server, an EMSK during a     Re-Authentication process; -   delivering, by the AAA Server, new security key information to an     Anchor Authenticator, and acquiring, by the Anchor Authenticator, a     new MIP security key based on the new security key information; -   acquiring, by a Proxy Mobile IP Station corresponding to the MS, the     new MIP security key from the Anchor Authenticator and replacing the     corresponding old MIP security key that is locally stored with the     new MIP security key; or storing, by the Anchor Authenticator, the     new MIP security key, and acquiring the corresponding new MIP     security key from the Anchor Authenticator when Proxy Mobile IP     Station initiates a MIP Registration Request. -   receiving, by a HA, new MIP security key information for the HA     which is sent by the AAA Server actively, or requesting, from the     AAA Server, the new MIP security key information for the HA, and     replacing the corresponding old MIP security key that is locally     stored with the new MIP security key.

A system for generating and distributing MIP security key after Re-Authentication, includes:

-   an MS, including a Client Mobile IP Station, a functional unit that     initiates a Re-Authentication Request and generates an EMSK, and a     functional unit that generates a new MIP security key for the MS     according to the EMSK and replaces the corresponding old MIP     security key with the new MIP security key; -   an AAA Server, including a functional unit that generates the EMSK     during a Re-Authentication process, and a functional unit that sends     MIP security key information; -   a HA, including a functional unit that receives a new MIP security     key for the HA which is sent by the AAA Server actively and replaces     the corresponding old MIP security key that is locally stored with     the new MIP security key, or a functional unit that requests from     the AAA Server the new MIP security key for the HA and replaces the     corresponding old MIP security key that is locally stored with the     new MIP security key.

A system for generating and distributing MIP security key after Re-Authentication, includes:

-   an MS, including a functional unit that initiates a     Re-Authentication Request and generates an EMSK; -   an AAA Server, including a functional unit that generates the EMSK     during a Re-Authentication process, and a functional unit that sends     MIP security key information; -   an Anchor Authenticator, including a functional unit that acquires a     new MIP security key based on new security key information sent by     the AAA Server, and a first sending unit that sends the new MIP     security key to a Proxy Mobile IP Station corresponding to the MS; -   a Proxy Mobile IP Station corresponding to the MS, located on     network side, including a functional unit that receives the MIP     security key sent by the Anchor Authenticator and replaces the old     MIP security key with the new MIP security key, or a functional unit     that acquires the MIP security to the Anchor Authenticator; -   a HA, including a functional unit that receives a new MIP security     key for the HA which is sent by the AAA Server actively and replaces     the corresponding old MIP security key that is locally stored with     the new MIP security key, or a functional unit that requests from     the AAA Server the new MIP security key for the HA and replaces the     corresponding old MIP security key that is locally stored with the     new MIP security key.

The present invention provides a method and system for generating and distribution MIP security key after Re-Authentication of MS, so as to support a MIP Registration process after Re-Authentication, ensuring the execution of MIP Registration process after Re-Authentication of MS.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 illustrates a Centralized WiMAX Security Infrastructure in the prior art;

FIG. 2 illustrates a Distributed WiMAX Security Infrastructure in the prior art;

FIG. 3 a illustrates a complete CMIP based Network Security Infrastructure in the prior art;

FIG. 3 b illustrates a complete PMIP based Network Security Infrastructure in the prior art;

FIG. 4 a illustrates a schematic flowchart of a CMIP Mode in which an AAA Server delivers a security key to a HA actively, according to an embodiment of the present invention;

FIG. 4 b illustrates a schematic flowchart of a PMIP Mode in which an AAA Server delivers a security key to a HA actively, according to an embodiment of the present invention; and

FIG. 5 illustrates a schematic flowchart of a CMIP Mode in which a HA requests a security key from an AAA Server, according to an embodiment of the present invention.

DETAILED DESCRIPTION

Embodiments of the present invention use MIP-FA-RK as a root security key that is specified for deriving FA associated security keys.

MIP-FA-RK is a root security key that is derived directly or indirectly from an EMSK and is specified for deriving FA associated security keys. The indirect derivation means that the EMSK derives a MIP-RK first, and the MIP-RK derives the MIP-FA-RK.

Formula for deriving the MIP-FA-RK are as follows:

MIP-FA-RK=H (EMSK, “FA ROOT KEY”);

For example:

MIP-FA-RK=HMAC-SHA1 (EMSK, “FA ROOT KEY”) etc.

The manners of the functions and the parameters are not limited thereto, and to one of the ordinary skilled in the art, it would be easy to obtain a root security key that is associated with the generation of FA based on the EMSK or the MIP-RK. Embodiments of the present invention emphasize usage of MIP-FA-RK to generate security keys that are associates with FA, rather than focus on the detailed manners.

During an authentication or Re-Authentication process, if a FA-IP is used to compute the associated MIP security key, an Anchor Authenticator needs to distinguish the FA-IP because an FA-IP in an MS perspective is different from a FA-IP in a HA perspective. Following manners may be used to distinguish the FA-IP:

-   1. To compute an MN-FA-K and a FA-HA-K both using the FA-IP in a MS     perspective; -   2. To compute an MN-FA-K and a FA-HA-K both using the FA-IP in a HA     perspective; -   3. The MS and the Anchor Authenticator compute an MN-FA-K by using     the FA-IP in an MS perspective; the AAA Server and the Anchor     Authenticator computes a FA-HA-K by using the FA-IP in a HA     perspective; -   4. For other computation manners, the same FA-IP parameters are used     for computing the same security key.

It should be noticed that, the method for generating and distributing MIP security key after Re-Authentication according to embodiments of the present invention is not limited to compute MIP security key based on IP address, all of the algorithms that can be used for MIP security key before Re-Authentication can be used for the generation of MIP security key after Re-Authentication.

EMBODIMENT 1

This embodiment corresponds to the condition that during a Re-Authentication process of an MS, an AAA Server (the AAA Server can be a Home AAA Server to a Visit AAA Server) actively delivers a new security key to a HA.

In embodiment 1,after a Re-Authentication of an MS, the MS and an AAA Server both generate new EMSKs. The AAA Server delivers a new MIP security key to an Anchor Authenticator during the Re-Authentication process, and informs a HA of the new MIP security key.

The MIP security key in embodiments of the present invention includes one of the followings or a combination thereof: the shared MIP security keys between any two entities of MN, FA, HA, security keys of different levels that derive the above shared MIP security keys.

The new MIP security key sent by the AAA Server to the Anchor Authenticator and the HA includes one of the followings:

-   1) EMSK; -   2) MIP-RK; -   3) MIP-FA-RK and MN-HA-K; -   4) EMSK; MN-HA-K and FA-HA-K; or MIP-RK, MN-HA-K and FA-HA-K; or     MIP-FA-RK, MN-HA-K and FA-HA-K.

Wherein, the FA-HA-K is generated in the following two manners:

-   Manner one: being directly derived from the EMSK; or being     indirectly derived from the EMSK, that is, the EMSK derives a second     level security key MIP-RK, and the MIP-RK derives the FA-HA-K. Such     a manner is associated with each authentication of the MS. -   Manner two: the FA-HA-K is set, by the AAA Server, directing to a     specified HA and FA, the AAA Server generates a HA-RK, and the HA-RK     derives the FA-HA-K, that is, the FA-HA-K is only associated with a     device. In such a manner, when the AAA Server changes the FA-HA-K,     the AAA Server timely informs the FA and the HA to update. Or, when     the FA and the HA find that the locally stored FA-HA-K is expired,     they request, from the AAA Server, the new FA-HA-K and performs     update. In other conditions, the FA-HA-K does not change, even the     MN is Re-Authenticated, it is not necessary that the AAA Server     delivers the FA-HA-K to the FA and HA each time.

Following embodiments are illustrated by the example of generating the FA-HA-K in manner one.

When the MN acquires the new MIP security keys, all of the old MIP security keys are replaced with the new MIP security keys (the new MIP security keys of the MN include: one of MN-FA-K, MN-HA-K, EMSK, MIP-RK, FA-RK or a combination thereof). When the Anchor Authenticator acquires the new MIP security keys, the Anchor Authenticator informs the HA to replace all of the old associated security keys with the new MIP security keys (the MIP security keys of the HA include: one of MN-FA-K, FA-HA-K, FA-RK or a combination thereof). When the FA acquires the new MIP security keys, if all of the associated security keys are not sent by the AAA Server, the FA computes all of the associated security keys and replaces the old security keys with the new security keys (the MIP security keys of the FA include: one of FA-HA-K, MN-HA-K, FA-RK, MIP-RK or a combination thereof). A replacement of the security keys in all of the associated entities is accompanied with a replacement of the Security Association.

The security keys sent by the AAA Server to the Anchor Authenticator include: EMSK (optional), MIP-RK (optional), MIP-FA-RK and other MIP security keys (optional).

All of the messages in MIP Registration Request use the new MIP security key after Re-Authentication.

FIG. 4 a and FIG. 4 b illustrate a schematic flowchart of a CMIP Mode and a PMIP Mode according to embodiments of the present invention respectively, in which an AAA Server delivers a security key to a HA actively. As shown in FIG. 4 a and FIG. 4 b, generation and distribution of MIP security key after Re-Authentication includes the following steps:

An MS and an AAA Server generate a new EMSK during a Re-Authentication process. The AAA Server delivers a new security key to a Network Authentication Server (such as an Anchor Authenticator).

All of the MIP security keys are distributed before the Re-Authentication, the MS can perform a MIP Registration Request by using a known MIP security key, and all of the other MIP Entities can perform correct authentications and make responses. If a Re-Authentication is triggered due to some reasons (such as the lifetime of AK is expiring), the AAA Server sends to the Anchor Authenticator, new security key information including a MIP security key (an optional parameter, can be one of a MN-HA-K, an MN-FA-K, a FA-HA-K or a combination thereof), a MIP-FA-RK (or an EMSK, or a MIP-RK) and a random number (optional, a transfer parameter that is used for computing all of the MIP security keys may also be included). All of the sent security keys are encrypted using the method in section 3.5 of RFC2868.

Meanwhile, the AAA Server stores the MIP-FA-RK (or the EMSK, or the MIP-RK), so that a new FA-HA-K can be generated and a HA is informed of the new FA-HA-K in subsequent FA updates. If the (MIP-FA-RK and the MN-HA-K), or the MIP-RK is stored, the AAA Server can delete the EMSK. If the random number is involved, the AAA Server also stores the random number that is sent.

The purpose of defining the MIP-FA-RK according to embodiments of the present invention is to control the Anchor Authenticator. Especially in a CMIP Mode, the AAA Server does not deliver security keys that are associated with the MN-HA-K, the Anchor Authenticator only can compute a security key that is associated with the FA according to the sent MIP-FA-RK. Thus the light of the Anchor Authenticator is controlled and the security of the network is enhanced.

The Anchor Authenticator acquires the MIP security key based on the security key information sent by the AAA Server.

If the AAA Server does not deliver the MN-FA-K and the FA-HA-K to the Anchor Authenticator previously, the Anchor Authenticator derives the MIP security key from the MIP-FA-RK (or the EMSK, or the MIP-RK) that is obtained from the AAA Server, because the Anchor Authenticator has known the associated computation parameters (for example, the HA-IP, FA-IP under a computation manner using IP addresses) that are corresponding to the MS. The Anchor Authenticator sends the generated MN-FA-K and FA-HA-K to the FA (the Anchor Authenticator can deliver them actively, or the FA can request them from the Anchor Authenticator, whatever the Anchor Authenticator after Re-Authentication and the FA is within a same Physical Entity or not).

In the PMIP Mode, the Anchor Authenticator and a PMIP Station uses Internal or External Message Exchange (Internal Message Exchange is used when both the Anchor Authenticator and the PMIP Station is within a same physical entity and External Message Exchange is used when the Anchor Authenticator and the PMIP Station is within different physical entities) to share the security key. When the PMIP Station stores the MIP security key itself, a new MIP security key is acquired from the Anchor Authenticator and is used to replace the old MIP security key that is locally stored. When the PMIP Station does not store the MIP security key itself, the Anchor Authenticator stores the new MIP security key, the PMIP Station acquires the new MIP security key from the Anchor Authenticator when the PMIP Station initiates a MIP Registration Request.

For CMIP Mode, the MS can derive the MN-HA-K and the MN-FA-K based on a new EMSK (or a MIP-RK, a MIP-FA-RK computed based on the EMSK) that is generated by the Re-Authentication with the AAA Server.

The FA can be Re-Authenticated as follows: Comparing a SPI of a MIP Registration Request and an original SPI, and if they are different, then determining a Re-Authentication occurs. Or, a MIP initiator adds indication information in a MIP Registration Request and the FA knows that a Re-Authentication occurs based thereon.

When the MS/PMIP Station acquires the new security key information, the original security key is replaced, and thus the condition in presence of two security keys in the same time does not exist. A replacement of the security keys in all of the associated entities is accompanied with a replacement of the Security Association.

The AAA Server actively sends the security key that is needed by the HA to the HA. The security key sent to the HA can be an EMSK, or a MIP-RK, or a MIP-FA-RK, or a MIP security key for the HA (optionally, such as an MN-HA-K or a FA-HA-K). If the MIP security key for the HA is not sent directly, an EMSK root key, MIP-RK root key or MIP-FA-RK root key is sent, if a random number is involved, the random number that is used for computing the FA-HA-K is also added.

After the AAA Server and the HA acquire the new security key information, the original security key is replaced, and thus the condition in presence of two security keys in the same time does not exist. A replacement of the security keys in all of the associated entities is accompanied with a replacement of the Security Association.

When the MN needs to initiate the MIP Registration Request, the MN, FA and HA use the new MN-HA-K, new FA-HA-K and new MN-FA-K to compute and authenticate a corresponding Authentication Extension carried in the MIP Registration Request during the entire MIP Registration Request process.

When the first MIP Registration Request after Re-Authentication is successfully completed, all of the MIP Registration Entities have the necessary security key and corresponding context.

If another FA movement occurs, a destination FA requests associated security information from a new Anchor Authenticator, or the new Anchor Authenticator actively updates the associated security information of the destination FA. The destination FA can process subsequent MIP Registration Requests by using the acquired security information.

EMBODIMENT 2

This embodiment corresponds to a method for generating and distributing a MIP security key under the condition that during a Re-Authentication process, an AAA Server does not actively deliver a security key to a HA.

After a Re-Authentication of an MN, EMSK is regenerated. The AAA Server delivers a newly generated associated security key to an Anchor Authenticator; meanwhile, the MN acquires the associated security key independently.

The associated security key includes: EMSK or MIP-RK or MIP-FA-RK, and other MIP security keys.

FIG. 5 is a flowchart of a method for generating and distributing a security key in CMIPv4 Mode in which an AAA Server does not actively deliver a MIP security key. As shown in FIG. 5, generation and distribution of MIP security key after Re-Authentication includes the following steps:

1. The AAA Sever delivers the new associated security key to the Anchor Authenticator in the Re-Authentication process.

All of the MIP security keys have been distributed before the Re-Authentication, the MS can perform a MIP Registration Request by using a known MIP security key, and all of the other MIP Entities can perform correct authentications and make responses. If a Re-Authentication is triggered due to some reasons, the AAA Server sends to the Anchor Authenticator, new security key information including a MIP security key (an optional parameter, can be one of a MN-HA-K, a MN-FA-K, a FA-HA-K or a combination thereof), a MIP-FA-RK (or an EMSK, or a MIP-RK) and a random number (optional, a transfer parameter that is used for computing all of the MIP security keys may also be included). If a SPI is computed based on the security key, SPI information that corresponds to each security key may also be included. If the security key information sent by the AAA Server does not carry SPI, the Anchor Authenticator computes the SPI that corresponds to the security key. All of the sent security keys are encrypted using the method in section 3.5 of RFC2868.

Meanwhile, the AAA Server stores the MIP-FA-RK (or the EMSK, or the MIP-RK), so that a new FA-HA-K can be generated and a HA is informed of the new FA-HA-K in subsequent FA updates. If the (MIP-FA-RK and the MN-HA-K), or the MIP-RK is stored, the AAA Server can delete the EMSK. If the random number is involved, the AAA Server also stores the random number that is sent.

The purpose of defining the MIP-FA-RK according to embodiments of the present invention is to control the Anchor Authenticator. Especially in the CMIP Mode, the AAA Server does not deliver security keys that are associated with the MN-HA-K, and the Anchor Authenticator only can compute a security key that is associated with the FA according to the sent MIP-FA-RK. Thus the right of the Anchor Authenticator is controlled and the security of the network is enhanced.

2. The Anchor Authenticator acquires the MIP security key based on the security key information sent by the AAA Server, and sends the MIP security key to the FA.

If the AAA Server does not deliver the MN-FA-K and the FA-HA-K to the Anchor Authenticator previously, the Anchor Authenticator derives the MIP security key from the MIP-FA-RK that is obtained from the AAA Server, because the Anchor Authenticator has known the associated computation parameters (for example, the HA-IP, FA-IP under a computation manner using IP addresses) that are corresponding to the MS. The Anchor Authenticator sends the generated MN-FA-K and FA-HA-K to the FA (the Anchor Authenticator can deliver them actively, or the FA can request them from the Anchor Authenticator, no matter the Anchor Authenticator after Re-Authentication and the FA is within a same Physical Entity or not).

In CMIP Mode, the MS can derive the MN-HA-K and the MN-FA-K based on a new EMSK (or a MIP-RK, a MIP-FA-RK computed based on the EMSK) that is generated by the Re-Authentication with the AAA Server.

The FA can be Re-Authenticated as follows: Comparing a SPI of a MIP Registration Request and an original SPI, and if they are different, then determining a Re-Authentication occurs. Or, a MIP initiator adds indication information in a MIP Registration Request and the FA knows that a Re-Authentication occurs based thereon.

When the MN/FA acquires the new security key information, the original security key is replaced, and thus the condition in presence of two security keys in the same time does not exist. A replacement of the security keys in all of the associated entities is accompanied with a replacement of the Security Association.

3. The HA requests authentication and security information from the AAA Server.

When the MN needs to initiate a MIP Registration Request, the MIP Registration Request carries an Authentication Extension between the MN and the AAA Server and a Network Access Identifier (NAI) Extension (the NAI Extension identifies the MN and the corresponding AAA Server) except to a new MN-FA-AE and a new MN-HA-AE.

When the FA receives the MIP Registration Request, the FA requests the MN-FA-K from the Anchor Authentication so as to authenticate the AE between the MN and the FA. After a successful authentication, the FA forwards the MIP Registration Message to the HA.

After the authentication and forwarding of the FA, the HA can recognize a MN-AAA-AE after it has received the MIP Registration Request (the MIP Registration Request carries a MN-HA-AE and a MN-AAA-AE), and then the HA knows that a Re-Authentication occurs and requests authentication and security key information from a Home AAA Server (HAAA). The requested security key can be a root key (for example, an EMSK, or a MIP-RK, or a MIP-FA-RK) and/or a MIP security key (for example, a MN-HA-K and FA-HA-K). If the HA locates in a Visit Network, the HA needs a VAAA as a proxy for intercommunicating with the HAAA.

The AAA Server authenticates the AE between the MN and the AAA Server, if the result of authentication is successful, the MN-HA-K/FA-HA-K and the result of authentication are delivered to the HA. If the MIP security key is not sent directly, the AAA Server needs to add a random number that is used to compute the FA-HA-K when sending a root security key EMSK/MIP-RK/MIP-FA-RK. After the MN-HA-K is acquired, if the MIP Registration Request carries the AE between the MN and the HA, the HA can authenticate the AE between the MN and the HA by using the MN-HA-K.

Subsequent MIP Registration Requests cannot carry the AE between the MN and the AAA.

After the AAA Server and the HA acquire the new security key information, the original security key is replaced, and thus the condition in presence of two security keys in the same time does not exist. A replacement of the security keys in all of the associated entities is accompanied with a replacement of the Security Association.

4. After the HA has acquired the MIP security key information, the MN-HA-AE can be authenticated, then the MIP Registration Request itself is processed, and a MIP Registration Report is sent as a response to the MIP Registration Request. When the first MIP Registration Request after Re-Authentication is successfully completed, all of the MIP Registration Entities have the necessary security key and corresponding context. If another FA movement occurs, a destination FA requests associated security information from a new Anchor Authenticator, or the new Anchor Authenticator actively updates the associated security information of the destination FA. The destination FA can process subsequent MIP Registration Requests by using the acquired security information.

The above method for generating and distributing MIP security key when an AAA Server does not actively deliver security key to a HA is illustrated by the example of CMIP Mode. For PMIP Mode, if the PMIP Station or Anchor Authenticator has negotiated with the AAA Server a shared security key for generating MN-AAA-AE, the MN-AAA-AE can be carried in the MIP Registration Request initiated by the PMIP, steps 3 and 4 are performed when the HA has received the MIP Registration Request.

Furthermore, whatever for CMIP Mode or PMIP Mode, the MIP Registration Request can also carry an Authentication Extension between the MN and the HA, the Authentication Extension between the MN and the HA includes at least a result value of a request message after encrypted computation and a Security Parameter Index (SPI). The SPI uses a new SPI value that is different from the SPI used before the Re-Authentication of MS. After the HA has received the MIP Registration Request, if the HA discovers that the SPI is different, the HA initiates a request for acquiring security key with the AAA Server and authenticates, by using the newly acquired security key, the result value carried in the Authentication Extension of the MIP Registration Request that is currently received. If the authentication is passed, the corresponding old MIP security key and old SPI that are locally stored are replaced with the new MIP security key and new SPI.

Similar to the above embodiments, the SPI and security key between the MN and FA has the following mechanisms: the MIP Registration Request can also carry an Authentication Extension between the MN and the FA, the Authentication Extension between the MN and the FA includes at least a result value of a request message after encrypted computation and a Security Parameter Index (SPI). The SPI uses a new SPI value that is different from the SPI used before the Re-Authentication of MS. After the FA has received the MIP Registration Request, if the FA discovers that the SPI is different, the FA initiates a request for acquiring security key with the Anchor Authenticator and authenticates, by using the newly acquired security key, the result value carried in the Authentication Extension of the MIP Registration Request that is currently received. If the authentication is passed, the corresponding old MIP security key and old SPI that are locally stored are replaced with the new MIP security key and new SPI.

EMBODIMENTS 3 Not generating Security Key Associated with FA

In all of the above embodiments, it is considered that security between MN-FA and FA-HA is ensured by MN-FA-K and FA-HA-K. Under a circumstance that the security between MN-FA and FA-HA does not need considering, or the security between MN-FA and FA-HA is ensured by other manners, the previous flow can be simplified.

I. In the PMIP Mode, generation and distribution of MIP security key after Re-Authentication includes the following steps:

-   1. An AAA Server and an MS independently compute new EMSKs at a same     time during an Extensible Authentication Protocol (EAP) of     Re-Authentication; -   2. The AAA Server delivers the EMSK, or a MIP-RK, or a MN-HA-K and     context information to an Anchor Authenticator during the EAP of     Re-Authentication; -   3. The AAA Server actively delivers the EMSK, or the MIP-RK, or the     MN-HA-K to a HA; -   4. A PMIP Station that corresponds to the MS acquires a MIP security     key from the Anchor Authenticator, and initiates a MIP Registration     Request. The MIP Registration Request is attached with a new     MN-HA-AE that is computed by using the new MN-HA-K, and carries a     different SPI value that is different from the SPI value before     Re-Authentication so as to inform the HA of the Re-Authentication.     The different SPI value can be computed from the new security key,     or a unique value, assigned by the PMIP Station, corresponding to a     Network Access Identifier (NAI) of the MS can be used as the SPI     value; -   5. A FA forwards the MIP Registration Request (MIP-RRQ) to the HA,     and the HA authenticates and processes the MIP-RRQ by using the new     MN-HA-K. If the SPI value included in the MIP-RRQ is different from     the SPI value currently maintained by the HA, the HA requests from     the AAA Server new security key information first, and then the HA     authenticates the Authentication Extension between a MN and the HA.     If the authentication passes, the corresponding MIP security key and     context information stored by the HA is updated; -   6. The HA sends a MIP Registration Report (MIP-RRP), which is     attached with a MN-HA-AE that is computed by using the new MN-HA-K.     The FA forward the MIP-RRP to the PMIP Station that corresponds to     the MS, and the PMIP Station that corresponds to the MS     authenticates, by using the new MN-HA-K, the MN-HA-AE carried in the     MIP Registration Report that is sent by the HA.

II. In the CMIP Mode, generation and distribution of MIP security key after Re-Authentication includes the following steps:

-   1. An AAA Server and an MS independently compute new EMSKs at a same     time during an Extensible Authentication Protocol (EAP) of     Re-Authentication; -   2. The AAA Server actively delivers the EMSK, or the MIP-RK, or the     MN-HA-K to a HA; -   3. A CMIP Station that corresponds to the MS (the CMIP Station is     within the MS, that means the MS supports MIP function) initiates     MIP Registration Request, the MIP Registration Request is attached     with a MN-HA-AE that is computed by using the new MN-HA-K. If     security key is not sent to the HA in previous step 2, an MN-AAA-AE     and a NAI Extension shall be attached in the MIP Registration     Request, and the HA requests from the AAA Server the security key.     Or, a SPI value that is different from the SPI value before     Re-Authentication can be carried in the MIP Registration Request so     as to inform the HA that a Re-Authentication occurs, and HA requests     from the AAA Server new security key. The different SPI value can be     computed from the new security key, or a unique value, assigned by     the MS, corresponding to a Network Access Identifier (NAI) of the MS     can be used as the SPI value; -   4. A FA forwards the MIP Registration Request (MIP-RRQ) to the HA,     if the MIP-RRQ includes the MN-AAA-AE and the NAI Extension, the HA     request from the AAA Server the new MN-HA-K and processes the     MIP-RRQ after authenticating the MN-HA-AE by using the new MN-HA-K.     If the SPI value included in the MIP-RRQ is different from the SPI     value currently maintained by the HA, the HA requests from the AAA     Server new security key information first, and then the HA     authenticates the Authentication Extension between a MN and the HA.     If the authentication passes, the corresponding MIP security key and     context information stored by the HA is updated; otherwise, the HA     directly uses the new MN-HA-K to perform authentication and     processes the MIP-RRQ; -   5. The HA sends a MIP Registration Report (MIP-RRP), which is     attached with a MN-HA-AE that is computed by using the new MN-HA-K.     The FA forward the MIP-RRP to the CMIP Station that corresponds to     the MS, and the CMIP Station that corresponds to the MS     authenticates, by using the new MN-HA-K, the MN-HA-AE carried in the     MIP Registration Report that is sent by the HA.

According to the method provided in the embodiments of the present invention, embodiments of the present invention also provide a system for generating and distributing mobile IP security key after Re-Authentication.

For CMIP Mode, embodiments of the present invention provide a system comprising:

-   a Mobile Station, including a Client Mobile IP Station (CMIP     Station), a functional unit configured to initiate a     Re-Authentication Request and generate Extension Master Session Key     (EMSK), and a functional unit configured to generate a new     associated MIP security key of the MN based on the EMSK and replace     the old associated security key; -   an Authentication Authorization Accounting (AAA) Server, including a     functional unit configured to generate the EMSK during an     Re-Authentication process, and a functional unit configured to send     MIP associated security key information; and -   a Home Agent (HA), including a functional unit configured to receive     new security key information sent by the AAA Server and replace a     corresponding old MIP security key that is locally stored with the     new security key information; or a functional unit configured to     request from the AAA Server the new security key information and     replace the corresponding old MIP security key that is locally     stored with the new security key information;

The system further comprises:

-   an Anchor Authenticator, including a functional unit configured to     receive new security key information sent by the AAA Server and     acquire a new MIP security key that is needed by an Foreign Agent     (FA) based on the new security key information sent by the AAA     Server; and a functional unit configured to send the necessary new     MIP security key to the FA; and -   a Foreign Agent, including a functional unit configured to receive a     new MIP security key sent by the Anchor Authenticator or request     from the Anchor Authenticator the new MIP security key, and replace     an old MIP security key with the new MIP security key.

For PMIP Mode, embodiments of the present invention provide a system comprising:

-   a Mobile Station, including a functional unit configured to initiate     a Re-Authentication Request and generate Extension Master Session     Key (EMSK); -   an Authentication Authorization Accounting (AAA) Server, including a     functional unit configured to generate the EMSK during an     Re-Authentication process, and a functional unit configured to send     MIP associated security key information; -   an Anchor Authenticator, including a functional unit configured to     receive new security key information sent by the AAA Server and     acquire a new MIP security key; and a first sending unit configured     to send the new MIP security key to a Proxy Mobile IP Station (PMIP     Station) that corresponds to the MS; -   a Proxy Mobile IP Station (PMIP Station) that corresponds to the MS,     located on network side, including a functional unit configured to     receive associated MIP security key sent by the Anchor Authenticator     and replace an old MIP security key with the associated MIP security     key; or a functional unit configured to acquire the associated MIP     security key from the Anchor Authenticator; -   a Home Agent (HA), including a functional unit configured to receive     new security key information sent by the AAA Server and replace a     corresponding old MIP security key that is locally stored with the     new security key information; or a functional unit configured to     request from the AAA Server the new security key information and     replace the corresponding old MIP security key that is locally     stored with the new security key information; -   wherein the Anchor Authenticator also includes a second sending unit     configured to send a new MIP security key to the FA;

The system further comprises:

-   a Foreign Agent, including a functional unit configured to receive a     new MIP security key sent by the Anchor Authenticator or request     from the Anchor Authenticator the new MIP security key, and replace     an old MIP security key with the new MIP security key.

Summing up, embodiments of the present invention provide a mechanism for generating MIP associated security key after Re-Authentication of MS, and process for distributing MIP security key, and embodiments of the present invention ensure execution of MIP Registration after Re-Authentication. Under the circumstance that an FA moves, because an Anchor Authenticator owns security key information associated with the FA (directly owns MN-FA-K and FA-HA-K, and/or owns one of MIP-RK, MIP-FA-RK, EMSK), the destination FA and HA can request from the Anchor Authenticator, updated MN-FA-K and FA-HA-K.

The above embodiments are merely used to illustrate the present invention but not to limit the present invention. Any modification, equivalent substitution, or improvement within the principal and spirit of the present invention shall be regarded as within the range of the present invention. 

1-26. (canceled)
 27. A method for generating and distributing Mobile IP (MIP) security key after Re-Authentication, comprising: generating, by an Authentication Authorization Accounting (AAA) Server, an Extended Master Session Key (EMSK) during a Re-Authentication process; generating, by the MS, a new first Mobile IP (MIP) security key for the MS according to the EMSK, and replacing the corresponding old first MIP security key with the new first MIP security key; and receiving, by a Home Agent (HA), new second MIP security key information for the HA which is sent by the AAA Server actively, or requesting, from the AAA Server, the new second MIP security key information for the HA, and replacing the corresponding old second MIP security key that is locally stored with the new second MIP security key that is sent by the AAA Server actively or requested from the AAA Server.
 28. The method of claim 27, further comprising: delivering, by the AAA Server, new security key information to an Anchor Authenticator, the new security key information is the EMSK or is derived from the EMSK; acquiring, by the Anchor Authenticator, a new MIP security key that is required by a Foreign Agent (FA) based on the security key sent by the AAA Server; delivering, by the Anchor Authenticator, the new MIP security key that is required by a FA to the FA, or requesting, by the FA, the Anchor Authenticator for the new MIP security key required by the FA; and replacing, by the FA, an old MIP security key with the new MIP security key.
 29. The method of claim 28, wherein delivering by the AAA Sever the new security key information to an Anchor Authenticator comprises: sending, by the AAA Server, the EMSK to the Anchor Authenticator; or sending a Mobile IP Foreign Agent Root Key (MIP-FA-RK) that is derived from the EMSK; or sending a Mobile IP Root Key (MIP-RK) that is derived from the EMSK; or sending one of the EMSK, MIP-FA-RK, MIP-RK and a MIP security key between an Mobile Node (MN) and the FA (MN-FA-K) that is derived from the EMSK and a MIP security key between an FA and the HA (FA-HA-K) that is derived from the EMSK; or sending one of the EMSK, MIP-FA-RK, MIP-RK and MN-FA-K and a Root Key for generating a MIP security key between the FA and HA (HA-RK).
 30. The method of claim 29, wherein acquiring by the Anchor Authenticator a new MIP security key that is required by a Foreign Agent (FA) based on the security key sent by the AAA Server comprises: acquiring, by the Anchor Authenticator, new MIP security key that is required by the FA through a computation based on the EMSK, when the AAA Server sends the EMSK to the Anchor Authenticator; or acquiring, by the Anchor Authenticator, new MIP security key that is required by the FA through a computation based on the MIP-FA-RK, when a Mobile IP Foreign Agent Root Key (MIP-FA-RK) that is derived from the EMSK is sent; or acquiring, by the Anchor Authenticator, new MIP security key that is required by the FA through a computation based on the MIP-RK, when a Mobile IP Root Key (MIP-RK) that is derived from the EMSK is sent; or acquiring, by the Anchor Authenticator, new MIP security key MN-FA-K and FA-HA-K directly from the AAA Server, when one of the EMSK, MIP-FA-RK, MIP-RK and a MIP security key between an Mobile Node (MN) and the FA (MN-FA-K) that is derived from the EMSK and a MIP security key between an FA and the HA (FA-HA-K) that is derived from the EMSK is sent; or computing, by the Anchor Authenticator, the FA-HA-K that is required by the FA based on the HA-RK sent by the AAA Server first, and computing the MN-FA-K that is required by the FA based on the EMSK or MIP-FA-RK or MIP-RK sent by the AAA Server, when one of the EMSK, MIP-FA-RK, MIP-RK and MN-FA-K and a Root Key for generating a MIP security key between the FA and HA (HA-RK) is sent.
 31. The method of claim 28, wherein when the FA migrates, a new Anchor Authenticator delivers new MIP security key to the migrated destination FA; or the destination FA requests the new Anchor Authentication for the new MIP security key.
 32. The method of claim 27, wherein receiving by the HA a new MIP security key for the HA which is sent by the AAA Server actively and replacing the corresponding old MIP security key that is locally stored with the new MIP security key comprises: acquiring directly, by the HA, the new MIP security key from the received security key information or acquiring the new MIP security key through a computation based on the received security key information, and replacing corresponding old MIP security key that is stored locally with the new MIP security key.
 33. The method of claim 27, wherein requesting by the HA from the AAA Server a new MIP security key for the HA and replacing the corresponding old MIP security key that is locally stored with the new MIP security key comprises: receiving, by the HA, the MIP Registration Request, wherein the MIP Registration Request carries an Authentication Extension (AE) between an MN and the AAA Server and an Network Access Identifier (NAI) Extension; initiating, by the HA, with the AAA Server an authentication and a request for MIP security key information; returning, by the AAA Server, result of authentication and new MIP security key for the HA to the HA after the AAA Server has authenticated the AE between the MN; replacing, by the HA, the old MIP security key that is locally stored with the returned new MIP security key.
 34. The method of claim 27, wherein requesting, by the HA, from the AAA Server a new MIP security key for the HA and replacing the corresponding old MIP security key that is locally stored with the new MIP security key comprises: receiving, by the HA, a MIP Registration Request, wherein the MIP Registration Request carries an AE between an MN and the HA, and the AE comprises at least a result value of a request message after encrypted computation and a Security Parameter Index (SPI), the SPI uses a new SPI value that is different from the SPI used before Re-Authentication of the MS; initiating, by the HA, a request for acquiring security key with the AAA Server if the HA discovers that the SPI is different after the HA has received the MIP Registration Request; and authenticating the result value carried in the Authentication Extension of the MIP Registration Request that is currently received by using the newly acquired security key; and replacing corresponding old MIP security key and old SPI that are locally stored with the new MIP security key and new SPI if the authentication is passed.
 35. The method of claim 34, wherein the new MIP security key is used in the AE between an MN and the HA; wherein the new SPI value is computed from the new MIP security key, or the new SPI is a unique value, selected by the MS, corresponding to a NAI of the MS.
 36. The method of claim 28, wherein when the MS, FA and HA replace the MIP security key, the Security Association is also replaced.
 37. The method of claim 36, wherein replacing the Security Association comprises: replacing the SPI, wherein an old SPI value that is locally stored is replaced with the new SPI carried in the MIP Registration Request that has passed a current authentication; and/or replacing lifetime of security key, an old lifetime of security key that is locally stored is replaced with the new lifetime of security key corresponding to the new MIP security key.
 38. A method for generating and distributing Mobile IP (MIP) security key after Re-Authentication, comprising: generating, by an Authentication Authorization Accounting (AAA) Server, an Extended Master Session Key (EMSK) during a Re-Authentication process; delivering, by the AAA Server, a new third security key information to an Anchor Authenticator, the new third security key information is the EMSK or is derived from the EMSK; acquiring, by the Anchor Authenticator, a new third MIP security key based on the new third security key information, which is the EMSK or is derived from the EMSK; acquiring, by a Proxy Mobile IP (PMIP) Station corresponding to the MS, the new third MIP security key from the Anchor Authenticator, and replacing the corresponding old third MIP security key that is locally stored with the new third MIP security key; or the Anchor Authenticator storing the new third MIP security key, and the PMIP acquiring the new third MIP security key from the Anchor Authenticator when the PMIP Station initiates a MIP Registration Request; receiving, by a Home Agent (HA), a new fourth MIP security key information for the HA which is sent by the AAA Server actively; or requesting, from the AAA Server, the new fourth MIP security key information for the HA, wherein the new fourth MIP security key information is the EMSK or is derived from the EMSK, and replacing the corresponding old fourth MIP security key information that is locally stored with the new fourth MIP security key information that is sent by the AAA Server actively or requested from the AAA Server.
 39. The method of claim 38, further comprising: delivering, by the Anchor Authenticator, a new MIP security key that is needed by a Foreign Agent (FA) to the FA; or requesting, by the FA, new MIP security key that is required by the FA from the Anchor Authenticator; replacing, by the FA, an old MIP security key with the new MIP security key.
 40. The method of claim 39, further comprising: when the FA migrates, a new Anchor Authenticator delivers new MIP security key to the migrated destination FA; or the destination FA requests the new Anchor Authentication for the new MIP security key.
 41. The method of claim 38, wherein receiving by the HA a new MIP security key for the HA which is sent by the AAA Server actively and replacing the corresponding old MIP security key that is locally stored with the new MIP security key comprises: acquiring directly, by the HA, the new MIP security key from the received security key information or acquiring the new MIP security key through a computation based on the received security key information, and replacing corresponding old MIP security key that is stored locally with the new MIP security key.
 42. The method of claim 38, wherein requesting by the HA from the AAA Server a new MIP security key for the HA and replacing the corresponding old MIP security key that is locally stored with the new MIP security key comprises: receiving, by the HA, the MIP Registration Request, wherein the MIP Registration Request carries an Authentication Extension (AE) between an MN and the AAA Server and an Network Access Identifier (NAI) Extension; initiating, by the HA, with the AAA Server an authentication and a request for MIP security key information; returning, by the AAA Server, result of authentication and new MIP security key for the HA to the HA after the AAA Server has authenticated the AE between the MN; and replacing, by the HA, the old MIP security key that is locally stored with the returned new MIP security key.
 43. The method of claim 38, wherein requesting by the HA from the AAA Server a new MIP security key for the HA and replacing the corresponding old MIP security key that is locally stored with the new MIP security key comprises: receiving, by the HA, a MIP Registration Request, wherein the MIP Registration Request carries an AE between an MN and the HA, and the AE comprises at least a result value of a request message after encrypted computation and a Security Parameter Index (SPI), and wherein the SPI uses a new SPI value that is different from the SPI used before Re-Authentication of the MS; and initiating, by the HA, a request for acquiring security key with the AAA Server after the HA has received the MIP Registration Request; and authenticating the result value carried in the Authentication Extension of the MIP Registration Request that is currently received by using the newly acquired security key; and replacing corresponding old MIP security key and old SPI that are locally stored with the new MIP security key and new SPI if the authentication is passed.
 44. The method of claim 43, wherein the new MIP security key is used in the AE between an MN and the HA; wherein the new SPI value is computed from the new MIP security key, or the new SPI is a unique value, selected by the PMIP or Anchor Authenticator, corresponding to a NAI of the MS.
 45. The method of claim 39, wherein when the MS, FA and HA replace the MIP security key, the Security Association is also replaced.
 46. The method of claim 45, wherein replacing the Security Association comprises: replacing SPI, wherein an old SPI value that is locally stored is replaced with the new SPI carried in the MIP Registration Request that has passed a current authentication; and/or replacing lifetime of security key, wherein an old lifetime of security key that is locally stored is replaced with the new lifetime of security key corresponding to the new MIP security key. 